Bug 1685

Summary: ssh attempts v4 connection w/v6 BindAddress setting in ssh config
Product: Portable OpenSSH
Reporter: Jim Lippard <lippard-mindrot>
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: normal
CC: djm, dtucker
Priority: P2
Version: 5.3p1
Hardware: All
OS: All

Attachments:
suppress non-terminal error messages for AF mismatch between bind and target addresses (flags: none)

Description Jim Lippard 2009-12-15 02:26:38 AEDT
The following error occurs (from sshconnect) in my mixed IPv6/v4 environment when ssh'ing from one machine to another (IP addresses have been obfuscated):
 
ssh -vv openapple      
OpenSSH_5.3, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/lippard/.ssh/config
debug1: Applying options for openapple
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to openapple [10.22.5.50] port 2222.
getaddrinfo: 2001:470:d:19a:d0::100: no address associated with name
debug1: Connecting to openapple [2001:470:d:19a:d5::50] port 2222.

The getaddrinfo error occurs because I have an ssh config which sets
the BindAddress to 2001:470:d:19a:d0::100 when I ssh to host
openapple.  openapple has a DNS A record of 10.22.5.50 and an AAAA
record of 2001:470:d:19a:d5::50 (both of which have appropriate rDNS).          
                
Looks like ssh is failing to recognize that my BindAddress is an IPv6 address rather than a DNS name, despite the fact that ":" is not a valid character in DNS names.  Given my BindAddress setting, it should not be attempting an IPv4 connection in the first place.

Comment 1 Darren Tucker 2010-01-12 19:12:41 AEDT
ssh is trying to resolve your bindaddress (which could be a hostname) in the addressfamily of each of the addresses returned by your resolver.  This obviously doesn't work for IPv4, but ssh doesn't know this until the getaddrinfo fails, generating the error.

Since you only want IPv6, you should also set "AddressFamily inet6" where you set your IPv6 BindAddress.

Comment 2 Damien Miller 2018-07-12 12:49:13 AEST
Created attachment 3163 [details]
suppress non-terminal error messages for AF mismatch between bind and target addresses

This suppresses all but the last error message caused by address family mismatches between the bind address and the destination address.
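
The per-family bind-address lookup described in Comment 1, as an added example that is not OpenSSH's code and not part of the original report. `resolve_bind` repeats the lookup that fails for an IPv4 candidate; `literal_family` and `bind_usable_for` are hypothetical helpers showing how a numeric bind address can be classified locally so a mismatched candidate is skipped without a resolver error.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <sys/socket.h>

/* Address family of a numeric literal, or AF_UNSPEC when s is not a literal
 * (it may then be a hostname that only the resolver can classify). */
int literal_family(const char *s)
{
    unsigned char buf[16]; /* large enough for an IPv6 address */
    if (inet_pton(AF_INET, s, buf) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, s, buf) == 1)
        return AF_INET6;
    return AF_UNSPEC;
}

/* Resolve bind_addr restricted to one family, as a client does for each
 * candidate destination. Returns 0 or the getaddrinfo() error code. */
int resolve_bind(const char *bind_addr, int family)
{
    struct addrinfo hints = {0}, *res = NULL;
    int gaierr;
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;
    gaierr = getaddrinfo(bind_addr, NULL, &hints, &res);
    if (gaierr == 0)
        freeaddrinfo(res);
    return gaierr;
}

/* 1 if a destination of dest_family can be tried from bind_addr. A literal
 * is decided locally, so a mismatch never reaches the resolver. */
int bind_usable_for(const char *bind_addr, int dest_family)
{
    int bf = literal_family(bind_addr);
    if (bf != AF_UNSPEC)
        return bf == dest_family;
    return resolve_bind(bind_addr, dest_family) == 0;
}

int main(void)
{
    const char *baddr = "2001:470:d:19a:d0::100"; /* BindAddress from the report */
    printf("bind via AF_INET: %s\n", gai_strerror(resolve_bind(baddr, AF_INET)));
    printf("usable: v4=%d v6=%d\n", bind_usable_for(baddr, AF_INET), bind_usable_for(baddr, AF_INET6));
    return 0;
}
```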